Docs Home
AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi
aws.lakeformation.getPermissions
Explore with Pulumi AI
Get permissions for a principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, tables, LF-tags, and LF-tag policies. For more information, see Security and Access Control to Metadata and Data in Lake Formation.
NOTE: This data source deals with explicitly granted permissions. Lake Formation grants implicit permissions to data lake administrators, database creators, and table creators. For more information, see Implicit Lake Formation Permissions.
Example Usage
Permissions For A Lake Formation S3 Resource
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = aws.lakeformation.getPermissions({
principal: workflowRole.arn,
dataLocation: {
arn: testAwsLakeformationResource.arn,
},
});
import pulumi
import pulumi_aws as aws
test = aws.lakeformation.get_permissions(principal=workflow_role["arn"],
data_location={
"arn": test_aws_lakeformation_resource["arn"],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
Principal: workflowRole.Arn,
DataLocation: lakeformation.GetPermissionsDataLocation{
Arn: testAwsLakeformationResource.Arn,
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = Aws.LakeFormation.GetPermissions.Invoke(new()
{
Principal = workflowRole.Arn,
DataLocation = new Aws.LakeFormation.Inputs.GetPermissionsDataLocationInputArgs
{
Arn = testAwsLakeformationResource.Arn,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.LakeformationFunctions;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsArgs;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsDataLocationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var test = LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
.principal(workflowRole.arn())
.dataLocation(GetPermissionsDataLocationArgs.builder()
.arn(testAwsLakeformationResource.arn())
.build())
.build());
}
}
variables:
test:
fn::invoke:
function: aws:lakeformation:getPermissions
arguments:
principal: ${workflowRole.arn}
dataLocation:
arn: ${testAwsLakeformationResource.arn}
Permissions For A Glue Catalog Database
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = aws.lakeformation.getPermissions({
principal: workflowRole.arn,
database: {
name: testAwsGlueCatalogDatabase.name,
catalogId: "110376042874",
},
});
import pulumi
import pulumi_aws as aws
test = aws.lakeformation.get_permissions(principal=workflow_role["arn"],
database={
"name": test_aws_glue_catalog_database["name"],
"catalog_id": "110376042874",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
Principal: workflowRole.Arn,
Database: lakeformation.GetPermissionsDatabase{
Name: testAwsGlueCatalogDatabase.Name,
CatalogId: "110376042874",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = Aws.LakeFormation.GetPermissions.Invoke(new()
{
Principal = workflowRole.Arn,
Database = new Aws.LakeFormation.Inputs.GetPermissionsDatabaseInputArgs
{
Name = testAwsGlueCatalogDatabase.Name,
CatalogId = "110376042874",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.LakeformationFunctions;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsArgs;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsDatabaseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var test = LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
.principal(workflowRole.arn())
.database(GetPermissionsDatabaseArgs.builder()
.name(testAwsGlueCatalogDatabase.name())
.catalogId("110376042874")
.build())
.build());
}
}
variables:
test:
fn::invoke:
function: aws:lakeformation:getPermissions
arguments:
principal: ${workflowRole.arn}
database:
name: ${testAwsGlueCatalogDatabase.name}
catalogId: '110376042874'
Permissions For Tag-Based Access Control
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = aws.lakeformation.getPermissions({
principal: workflowRole.arn,
lfTagPolicy: {
resourceType: "DATABASE",
expressions: [
{
key: "Team",
values: ["Sales"],
},
{
key: "Environment",
values: [
"Dev",
"Production",
],
},
],
},
});
import pulumi
import pulumi_aws as aws
test = aws.lakeformation.get_permissions(principal=workflow_role["arn"],
lf_tag_policy={
"resource_type": "DATABASE",
"expressions": [
{
"key": "Team",
"values": ["Sales"],
},
{
"key": "Environment",
"values": [
"Dev",
"Production",
],
},
],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lakeformation"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{
Principal: workflowRole.Arn,
LfTagPolicy: lakeformation.GetPermissionsLfTagPolicy{
ResourceType: "DATABASE",
Expressions: []lakeformation.GetPermissionsLfTagPolicyExpression{
{
Key: "Team",
Values: []string{
"Sales",
},
},
{
Key: "Environment",
Values: []string{
"Dev",
"Production",
},
},
},
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = Aws.LakeFormation.GetPermissions.Invoke(new()
{
Principal = workflowRole.Arn,
LfTagPolicy = new Aws.LakeFormation.Inputs.GetPermissionsLfTagPolicyInputArgs
{
ResourceType = "DATABASE",
Expressions = new[]
{
new Aws.LakeFormation.Inputs.GetPermissionsLfTagPolicyExpressionInputArgs
{
Key = "Team",
Values = new[]
{
"Sales",
},
},
new Aws.LakeFormation.Inputs.GetPermissionsLfTagPolicyExpressionInputArgs
{
Key = "Environment",
Values = new[]
{
"Dev",
"Production",
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lakeformation.LakeformationFunctions;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsArgs;
import com.pulumi.aws.lakeformation.inputs.GetPermissionsLfTagPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var test = LakeformationFunctions.getPermissions(GetPermissionsArgs.builder()
.principal(workflowRole.arn())
.lfTagPolicy(GetPermissionsLfTagPolicyArgs.builder()
.resourceType("DATABASE")
.expressions(
GetPermissionsLfTagPolicyExpressionArgs.builder()
.key("Team")
.values("Sales")
.build(),
GetPermissionsLfTagPolicyExpressionArgs.builder()
.key("Environment")
.values(
"Dev",
"Production")
.build())
.build())
.build());
}
}
variables:
test:
fn::invoke:
function: aws:lakeformation:getPermissions
arguments:
principal: ${workflowRole.arn}
lfTagPolicy:
resourceType: DATABASE
expressions:
- key: Team
values:
- Sales
- key: Environment
values:
- Dev
- Production
Using getPermissions
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getPermissions(args: GetPermissionsArgs, opts?: InvokeOptions): Promise<GetPermissionsResult>
function getPermissionsOutput(args: GetPermissionsOutputArgs, opts?: InvokeOptions): Output<GetPermissionsResult>def get_permissions(catalog_id: Optional[str] = None,
catalog_resource: Optional[bool] = None,
data_cells_filter: Optional[GetPermissionsDataCellsFilter] = None,
data_location: Optional[GetPermissionsDataLocation] = None,
database: Optional[GetPermissionsDatabase] = None,
lf_tag: Optional[GetPermissionsLfTag] = None,
lf_tag_policy: Optional[GetPermissionsLfTagPolicy] = None,
principal: Optional[str] = None,
table: Optional[GetPermissionsTable] = None,
table_with_columns: Optional[GetPermissionsTableWithColumns] = None,
opts: Optional[InvokeOptions] = None) -> GetPermissionsResult
def get_permissions_output(catalog_id: Optional[pulumi.Input[str]] = None,
catalog_resource: Optional[pulumi.Input[bool]] = None,
data_cells_filter: Optional[pulumi.Input[GetPermissionsDataCellsFilterArgs]] = None,
data_location: Optional[pulumi.Input[GetPermissionsDataLocationArgs]] = None,
database: Optional[pulumi.Input[GetPermissionsDatabaseArgs]] = None,
lf_tag: Optional[pulumi.Input[GetPermissionsLfTagArgs]] = None,
lf_tag_policy: Optional[pulumi.Input[GetPermissionsLfTagPolicyArgs]] = None,
principal: Optional[pulumi.Input[str]] = None,
table: Optional[pulumi.Input[GetPermissionsTableArgs]] = None,
table_with_columns: Optional[pulumi.Input[GetPermissionsTableWithColumnsArgs]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetPermissionsResult]func LookupPermissions(ctx *Context, args *LookupPermissionsArgs, opts ...InvokeOption) (*LookupPermissionsResult, error)
func LookupPermissionsOutput(ctx *Context, args *LookupPermissionsOutputArgs, opts ...InvokeOption) LookupPermissionsResultOutput> Note: This function is named LookupPermissions in the Go SDK.
public static class GetPermissions
{
public static Task<GetPermissionsResult> InvokeAsync(GetPermissionsArgs args, InvokeOptions? opts = null)
public static Output<GetPermissionsResult> Invoke(GetPermissionsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetPermissionsResult> getPermissions(GetPermissionsArgs args, InvokeOptions options)
public static Output<GetPermissionsResult> getPermissions(GetPermissionsArgs args, InvokeOptions options)
fn::invoke:
function: aws:lakeformation/getPermissions:getPermissions
arguments:
# arguments dictionaryThe following arguments are supported:
- Principal string
Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.
One of the following is required:
- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Catalog
Resource bool - Whether the permissions are to be granted for the Data Catalog. Defaults to
false. - Data
Cells GetFilter Permissions Data Cells Filter - Configuration block for a data cells filter resource. Detailed below.
- Data
Location GetPermissions Data Location - Configuration block for a data location resource. Detailed below.
- Database
Get
Permissions Database - Configuration block for a database resource. Detailed below.
- Lf
Tag GetPermissions Lf Tag - Configuration block for an LF-tag resource. Detailed below.
- Lf
Tag GetPolicy Permissions Lf Tag Policy - Configuration block for an LF-tag policy resource. Detailed below.
- Table
Get
Permissions Table - Configuration block for a table resource. Detailed below.
- Table
With GetColumns Permissions Table With Columns Configuration block for a table with columns resource. Detailed below.
The following arguments are optional:
- Principal string
Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.
One of the following is required:
- Catalog
Id string - Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- Catalog
Resource bool - Whether the permissions are to be granted for the Data Catalog. Defaults to
false. - Data
Cells GetFilter Permissions Data Cells Filter - Configuration block for a data cells filter resource. Detailed below.
- Data
Location GetPermissions Data Location - Configuration block for a data location resource. Detailed below.
- Database
Get
Permissions Database - Configuration block for a database resource. Detailed below.
- Lf
Tag GetPermissions Lf Tag - Configuration block for an LF-tag resource. Detailed below.
- Lf
Tag GetPolicy Permissions Lf Tag Policy - Configuration block for an LF-tag policy resource. Detailed below.
- Table
Get
Permissions Table - Configuration block for a table resource. Detailed below.
- Table
With GetColumns Permissions Table With Columns Configuration block for a table with columns resource. Detailed below.
The following arguments are optional:
- principal String
Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.
One of the following is required:
- catalog
Id String - Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- catalog
Resource Boolean - Whether the permissions are to be granted for the Data Catalog. Defaults to
false. - data
Cells GetFilter Permissions Data Cells Filter - Configuration block for a data cells filter resource. Detailed below.
- data
Location GetPermissions Data Location - Configuration block for a data location resource. Detailed below.
- database
Get
Permissions Database - Configuration block for a database resource. Detailed below.
- lf
Tag GetPermissions Lf Tag - Configuration block for an LF-tag resource. Detailed below.
- lf
Tag GetPolicy Permissions Lf Tag Policy - Configuration block for an LF-tag policy resource. Detailed below.
- table
Get
Permissions Table - Configuration block for a table resource. Detailed below.
- table
With GetColumns Permissions Table With Columns Configuration block for a table with columns resource. Detailed below.
The following arguments are optional:
- principal string
Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.
One of the following is required:
- catalog
Id string - Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- catalog
Resource boolean - Whether the permissions are to be granted for the Data Catalog. Defaults to
false. - data
Cells GetFilter Permissions Data Cells Filter - Configuration block for a data cells filter resource. Detailed below.
- data
Location GetPermissions Data Location - Configuration block for a data location resource. Detailed below.
- database
Get
Permissions Database - Configuration block for a database resource. Detailed below.
- lf
Tag GetPermissions Lf Tag - Configuration block for an LF-tag resource. Detailed below.
- lf
Tag GetPolicy Permissions Lf Tag Policy - Configuration block for an LF-tag policy resource. Detailed below.
- table
Get
Permissions Table - Configuration block for a table resource. Detailed below.
- table
With GetColumns Permissions Table With Columns Configuration block for a table with columns resource. Detailed below.
The following arguments are optional:
- principal str
Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.
One of the following is required:
- catalog_
id str - Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- catalog_
resource bool - Whether the permissions are to be granted for the Data Catalog. Defaults to
false. - data_
cells_ Getfilter Permissions Data Cells Filter - Configuration block for a data cells filter resource. Detailed below.
- data_
location GetPermissions Data Location - Configuration block for a data location resource. Detailed below.
- database
Get
Permissions Database - Configuration block for a database resource. Detailed below.
- lf_
tag GetPermissions Lf Tag - Configuration block for an LF-tag resource. Detailed below.
- lf_
tag_ Getpolicy Permissions Lf Tag Policy - Configuration block for an LF-tag policy resource. Detailed below.
- table
Get
Permissions Table - Configuration block for a table resource. Detailed below.
- table_
with_ Getcolumns Permissions Table With Columns Configuration block for a table with columns resource. Detailed below.
The following arguments are optional:
- principal String
Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.
One of the following is required:
- catalog
Id String - Identifier for the Data Catalog. By default, the account ID. The Data Catalog is the persistent metadata store. It contains database definitions, table definitions, and other control information to manage your Lake Formation environment.
- catalog
Resource Boolean - Whether the permissions are to be granted for the Data Catalog. Defaults to
false. - data
Cells Property MapFilter - Configuration block for a data cells filter resource. Detailed below.
- data
Location Property Map - Configuration block for a data location resource. Detailed below.
- database Property Map
- Configuration block for a database resource. Detailed below.
- lf
Tag Property Map - Configuration block for an LF-tag resource. Detailed below.
- lf
Tag Property MapPolicy - Configuration block for an LF-tag policy resource. Detailed below.
- table Property Map
- Configuration block for a table resource. Detailed below.
- table
With Property MapColumns Configuration block for a table with columns resource. Detailed below.
The following arguments are optional:
getPermissions Result
The following output properties are available:
- Data
Cells GetFilter Permissions Data Cells Filter - Data
Location GetPermissions Data Location - Database
Get
Permissions Database - Id string
- The provider-assigned unique ID for this managed resource.
- Lf
Tag GetPermissions Lf Tag - Lf
Tag GetPolicy Permissions Lf Tag Policy - Permissions List<string>
- List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.
- Permissions
With List<string>Grant Options - Subset of
permissionswhich the principal can pass. - Principal string
- Table
Get
Permissions Table - Table
With GetColumns Permissions Table With Columns - Catalog
Id string - Catalog
Resource bool
- Data
Cells GetFilter Permissions Data Cells Filter - Data
Location GetPermissions Data Location - Database
Get
Permissions Database - Id string
- The provider-assigned unique ID for this managed resource.
- Lf
Tag GetPermissions Lf Tag - Lf
Tag GetPolicy Permissions Lf Tag Policy - Permissions []string
- List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.
- Permissions
With []stringGrant Options - Subset of
permissionswhich the principal can pass. - Principal string
- Table
Get
Permissions Table - Table
With GetColumns Permissions Table With Columns - Catalog
Id string - Catalog
Resource bool
- data
Cells GetFilter Permissions Data Cells Filter - data
Location GetPermissions Data Location - database
Get
Permissions Database - id String
- The provider-assigned unique ID for this managed resource.
- lf
Tag GetPermissions Lf Tag - lf
Tag GetPolicy Permissions Lf Tag Policy - permissions List<String>
- List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.
- permissions
With List<String>Grant Options - Subset of
permissionswhich the principal can pass. - principal String
- table
Get
Permissions Table - table
With GetColumns Permissions Table With Columns - catalog
Id String - catalog
Resource Boolean
- data
Cells GetFilter Permissions Data Cells Filter - data
Location GetPermissions Data Location - database
Get
Permissions Database - id string
- The provider-assigned unique ID for this managed resource.
- lf
Tag GetPermissions Lf Tag - lf
Tag GetPolicy Permissions Lf Tag Policy - permissions string[]
- List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.
- permissions
With string[]Grant Options - Subset of
permissionswhich the principal can pass. - principal string
- table
Get
Permissions Table - table
With GetColumns Permissions Table With Columns - catalog
Id string - catalog
Resource boolean
- data_
cells_ Getfilter Permissions Data Cells Filter - data_
location GetPermissions Data Location - database
Get
Permissions Database - id str
- The provider-assigned unique ID for this managed resource.
- lf_
tag GetPermissions Lf Tag - lf_
tag_ Getpolicy Permissions Lf Tag Policy - permissions Sequence[str]
- List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.
- permissions_
with_ Sequence[str]grant_ options - Subset of
permissionswhich the principal can pass. - principal str
- table
Get
Permissions Table - table_
with_ Getcolumns Permissions Table With Columns - catalog_
id str - catalog_
resource bool
- data
Cells Property MapFilter - data
Location Property Map - database Property Map
- id String
- The provider-assigned unique ID for this managed resource.
- lf
Tag Property Map - lf
Tag Property MapPolicy - permissions List<String>
- List of permissions granted to the principal. For details on permissions, see Lake Formation Permissions Reference.
- permissions
With List<String>Grant Options - Subset of
permissionswhich the principal can pass. - principal String
- table Property Map
- table
With Property MapColumns - catalog
Id String - catalog
Resource Boolean
Supporting Types
GetPermissionsDataCellsFilter
- Database
Name string - The name of the database.
- Name string
- The name of the data cells filter.
- Table
Catalog stringId - The ID of the Data Catalog.
- Table
Name string - The name of the table.
- Database
Name string - The name of the database.
- Name string
- The name of the data cells filter.
- Table
Catalog stringId - The ID of the Data Catalog.
- Table
Name string - The name of the table.
- database
Name String - The name of the database.
- name String
- The name of the data cells filter.
- table
Catalog StringId - The ID of the Data Catalog.
- table
Name String - The name of the table.
- database
Name string - The name of the database.
- name string
- The name of the data cells filter.
- table
Catalog stringId - The ID of the Data Catalog.
- table
Name string - The name of the table.
- database_
name str - The name of the database.
- name str
- The name of the data cells filter.
- table_
catalog_ strid - The ID of the Data Catalog.
- table_
name str - The name of the table.
- database
Name String - The name of the database.
- name String
- The name of the data cells filter.
- table
Catalog StringId - The ID of the Data Catalog.
- table
Name String - The name of the table.
GetPermissionsDataLocation
- arn str
ARN that uniquely identifies the data location resource.
The following argument is optional:
- catalog_
id str - Identifier for the Data Catalog where the location is registered with Lake Formation. By default, it is the account ID of the caller.
GetPermissionsDatabase
- catalog_
id str - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- name str
Name of the database resource. Unique to the Data Catalog.
The following argument is optional:
GetPermissionsLfTag
- catalog_
id str - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- key str
- Key-name for the tag.
- values Sequence[str]
List of possible values an attribute can take.
The following argument is optional:
GetPermissionsLfTagPolicy
- Catalog
Id string - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- Expressions
List<Get
Permissions Lf Tag Policy Expression> List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See
expressionbelow.The following argument is optional:
- Resource
Type string - Resource type for which the tag policy applies. Valid values are
DATABASEandTABLE.
- Catalog
Id string - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- Expressions
[]Get
Permissions Lf Tag Policy Expression List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See
expressionbelow.The following argument is optional:
- Resource
Type string - Resource type for which the tag policy applies. Valid values are
DATABASEandTABLE.
- catalog
Id String - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- expressions
List<Get
Permissions Lf Tag Policy Expression> List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See
expressionbelow.The following argument is optional:
- resource
Type String - Resource type for which the tag policy applies. Valid values are
DATABASEandTABLE.
- catalog
Id string - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- expressions
Get
Permissions Lf Tag Policy Expression[] List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See
expressionbelow.The following argument is optional:
- resource
Type string - Resource type for which the tag policy applies. Valid values are
DATABASEandTABLE.
- catalog_
id str - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- expressions
Sequence[Get
Permissions Lf Tag Policy Expression] List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See
expressionbelow.The following argument is optional:
- resource_
type str - Resource type for which the tag policy applies. Valid values are
DATABASEandTABLE.
- catalog
Id String - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- expressions List<Property Map>
List of tag conditions that apply to the resource's tag policy. Configuration block for tag conditions that apply to the policy. See
expressionbelow.The following argument is optional:
- resource
Type String - Resource type for which the tag policy applies. Valid values are
DATABASEandTABLE.
GetPermissionsLfTagPolicyExpression
GetPermissionsTable
- Catalog
Id string - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- Database
Name string Name of the database for the table. Unique to a Data Catalog.
The following arguments are optional:
- Name string
- Name of the table. At least one of
nameorwildcardis required. - Wildcard bool
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- Catalog
Id string - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- Database
Name string Name of the database for the table. Unique to a Data Catalog.
The following arguments are optional:
- Name string
- Name of the table. At least one of
nameorwildcardis required. - Wildcard bool
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- catalog
Id String - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- database
Name String Name of the database for the table. Unique to a Data Catalog.
The following arguments are optional:
- name String
- Name of the table. At least one of
nameorwildcardis required. - wildcard Boolean
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- catalog
Id string - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- database
Name string Name of the database for the table. Unique to a Data Catalog.
The following arguments are optional:
- name string
- Name of the table. At least one of
nameorwildcardis required. - wildcard boolean
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- catalog_
id str - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- database_
name str Name of the database for the table. Unique to a Data Catalog.
The following arguments are optional:
- name str
- Name of the table. At least one of
nameorwildcardis required. - wildcard bool
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- catalog
Id String - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- database
Name String Name of the database for the table. Unique to a Data Catalog.
The following arguments are optional:
- name String
- Name of the table. At least one of
nameorwildcardis required. - wildcard Boolean
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
GetPermissionsTableWithColumns
- Catalog
Id string - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- Database
Name string - Name of the database for the table with columns resource. Unique to the Data Catalog.
- Name string
Name of the table resource.
The following arguments are optional:
- Column
Names List<string> - Set of column names for the table. At least one of
column_namesorexcluded_column_namesis required. - Excluded
Column List<string>Names - Set of column names for the table to exclude. At least one of
column_namesorexcluded_column_namesis required. - Wildcard bool
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- Catalog
Id string - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- Database
Name string - Name of the database for the table with columns resource. Unique to the Data Catalog.
- Name string
Name of the table resource.
The following arguments are optional:
- Column
Names []string - Set of column names for the table. At least one of
column_namesorexcluded_column_namesis required. - Excluded
Column []stringNames - Set of column names for the table to exclude. At least one of
column_namesorexcluded_column_namesis required. - Wildcard bool
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- catalog
Id String - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- database
Name String - Name of the database for the table with columns resource. Unique to the Data Catalog.
- name String
Name of the table resource.
The following arguments are optional:
- column
Names List<String> - Set of column names for the table. At least one of
column_namesorexcluded_column_namesis required. - excluded
Column List<String>Names - Set of column names for the table to exclude. At least one of
column_namesorexcluded_column_namesis required. - wildcard Boolean
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- catalog
Id string - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- database
Name string - Name of the database for the table with columns resource. Unique to the Data Catalog.
- name string
Name of the table resource.
The following arguments are optional:
- column
Names string[] - Set of column names for the table. At least one of
column_namesorexcluded_column_namesis required. - excluded
Column string[]Names - Set of column names for the table to exclude. At least one of
column_namesorexcluded_column_namesis required. - wildcard boolean
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- catalog_
id str - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- database_
name str - Name of the database for the table with columns resource. Unique to the Data Catalog.
- name str
Name of the table resource.
The following arguments are optional:
- column_
names Sequence[str] - Set of column names for the table. At least one of
column_namesorexcluded_column_namesis required. - excluded_
column_ Sequence[str]names - Set of column names for the table to exclude. At least one of
column_namesorexcluded_column_namesis required. - wildcard bool
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
- catalog
Id String - Identifier for the Data Catalog. By default, it is the account ID of the caller.
- database
Name String - Name of the database for the table with columns resource. Unique to the Data Catalog.
- name String
Name of the table resource.
The following arguments are optional:
- column
Names List<String> - Set of column names for the table. At least one of
column_namesorexcluded_column_namesis required. - excluded
Column List<String>Names - Set of column names for the table to exclude. At least one of
column_namesorexcluded_column_namesis required. - wildcard Boolean
- Whether to use a wildcard representing every table under a database. At least one of
nameorwildcardis required. Defaults tofalse.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.